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IN TfTE CLAIMS 

1 . (Currently amended) A method for partitioning of cryptographic functionality so as to 
permit delegation of at least one of a plurality of distinct portions of the cryptographic functionality 
from a delegating device to at least one recipient device, the cryptographic functionality being 
characterized as a graph comprising a plurality of nodes, the method comprising the steps of: 

associating a given set of the nodes with a corresponding one of the plurality of distinct 
portions of the cryptographic functionality; and 

transmitting from the delegating device to the recipient device information representative of 
one or more of the nodes; 

the recipient device being configured based on the transmitted information for authorized 
execution of a corresponding one of the plurality of distinct portions of the cryptographic 
fiinctionality; 

wherein the nodes of the graph are arranged in a plurality of levels with one or more nodes at 
each level; 

wherein the nodes correspond to respective seeds; and 

wherein a first seed associated with a node of a first one of the levels is computed as a 
function of a second seed associated with a node of a second one of the levels higher than the first 
level; 

the transmitted information including the first seed but not the second seed . 

2. (Original) The method of claim 1 wherein at least one of the nodes of the graph 
corresponds to a seed the possession of which permits execution of a corresponding one of the 
distinct portions of the cryptographic functionality. 

3. (Original) The method of claim 1 wherein the transmitting step further comprises 
transmitting from the delegating device to the recipient device information representative of at least 
two of the nodes. 



2 



EMC-06-463 

4. (Original) The method of claim 1 wherein the transmitting step further comprises 
transmitting from the delegating device to the recipient device information representative of at least 
one parent node of the graph. 

5. (Original) The method of claim 1 wherein the transmitting step further comprises 
transmitting from the delegating device to the recipient device information representative of at least 
one child node of a parent node of the graph. 

6. (Original) The method of claim 1 wherein the graph comprises at least first and second 
root nodes. 

7. (Original) The method of claim 1 wherein the graph comprises a tree having at least first 
and second subtrees associated with respective first and second ones of the plurality of distinct 
portions of the cryptographic functionality. 

8. (Original) The method of claim 1 wherein the graph comprises a chain. 

9. (Original) The method of claim 1 wherein the graph comprises L levels of nodes, an Zth 

one of the levels comprising a parent node vl,\, and a first one of these levels comprising a set of 
seeds vi j, vi_2, ■ • • vi,„, where n is the total number of seeds, each of the seeds being derivable from 
the parent node. 

10. (Original) The method of claim 9 wherein an zth node of a Ath one of the levels is 
computed d&fiii, Vk\-\), where ^ is a one-way function. 

1 1 . (Original) The method of claim 10 wherein the nodes of one or more of the levels are 
arranged in the form of tuples of designated numbers of nodes. 



3 



EMC-06-463 

12. (Original) The method of claim 1 1 wherein the fth node of a jth tuple of the kth level is 
computed asfkfj, i, Vk+\j). 

13. (Original) The method of claim 1 wherein the cryptographic functionality comprises a 
cryptographic functionality provided by a hardware-based authentication token. 

14. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to verify at least one of an authentication code and a distress code generated by a hardware- 
based authentication token. 

1 5 . (Original) The method of claim 1 4 wherein the authentication token is configured to store 

at least two seeds, and the cryptographic functionality comprises a verification operation performed 
collaboratively by at least first and second servers each storing one of the seeds. 

16. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to generate at least one of an authentication code and a distress code utilizing a hardware- 
based authentication token. 

17. (Original) The method of claim 1 wlierein the cryptographic functionality comprises at 
least one of an ability to verify a signature and an ability to generate a signature. 

18. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to generate one or more values of a one-way chain. 

19. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to perform symmetric cryptographic operations. 
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20. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to perform asymmetric cryptographic operations. 

21. (Original) The method of claim 1 wherein the cryptographic fimctionality comprises an 
ability to derive one or more cryptographic keys. 

22. (Original) The method of claim 1 wherein the cryptographic functionality comprises an 
ability to compute one or more seeds. 

23. (Original) The method of claim 22 wherein at least one of the seeds corresponds to at 
least one of the nodes of the graph. 

24. (Original) The method of claim 1 wherein the cryptographic functionality is partitioned 
in accordance with a subscription model which requires compliance with at least one specified 
criterion for transmission from the delegating device to the recipient device of the information 
representative of one or more of the nodes. 

25. (Original) The method of claim 24 wherein compliance with the specified criterion is 
satisfied upon receipt of a designated payment. 

26. (Original) The method of claim 1 wherein the recipient device and the delegating device 
collaborate to perform at least one of a cryptographic verification function and a cryptographic 
generation function. 

27. (Original) The method of claim 26 wherein the recipient device includes only a limited 
computational ability associated with performance of the cryptographic function. 
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28. (Currently amended) An apparatus comprising: 

a processing device comprising a processor coupled to a memory; 

the processing device being utilized in conjimction with partitioning of cryptographic 
functionality so as to permit delegation of at least one of a plurality of distinct portions of the 
cryptographic functionality from the processing device, configured as a delegating device, to at least 
one recipient device, the cryptographic fiinctionality being characterized as a graph comprising a 
plurality of nodes; 

the processing device being configured to associate a given set of the nodes with a 
corresponding one of the plurality of distinct portions of the cryptographic functionality, and to 
transmit to the recipient device information representative of one or more of the nodes, the recipient 
device being configured based on the transmitted information for authorized execution of a 
corresponding one of the plurality of distinct portions of the cryptographic functionality; 

wherein the nodes of the graph are arranged in a plurality of levels with one or more 
nodes at each level; 

wherein the nodes correspond to respective seeds; and 

wherein a first seed associated with a node of a first one of the levels is computed as a 
function of a second seed associated with a node of a second one of the levels higher than the first 
level; 

the transmitted information including the first seed but not the second seed . 

29. (Currently amended) An apparatus comprising: 

a processing device comprising a processor coupled to a memory; 

the processing device being utilized in conjunction with partitioning of cryptographic 

functionality so as to permit delegation of at least one of a plurality of distinct portions of the 
cryptographic functionality to the processing device, configured as a recipient device, from at least 
one delegating device, the cryptographic functionality being characterized as a graph comprising a 
plurality of nodes; 
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a given set of the nodes being associated with a corresponding one of the plurality of 
distinct portions of the cryptographic fiinctionality; 

the processing device being operative to receive from the delegating device 
information representative of one or more of the nodes, the processing device being configured 
based on the received information for authorized execution of a corresponding one of the plurality of 
distinct portions of the cryptographic functionality; 

wherein the nodes of the graph are arranged in a plurality of levels with one or more 
nodes at each level; 

wherein the nodes correspond to respective seeds: and 

wherein a first seed associated with a node of a first one of the levels is computed as a 
fimction of a second seed associated with a node of a second one of the levels higher than the first 
level: 

the received information including the first seed but not the second seed . 

30. (Currently amended) A machine-readable storage medium containing one or more 
soflware programs for use in partitioning of cryptographic fimctionality so as to permit delegation of 
at least one of a plurality of distinct portions of the cryptographic functionality fi-om a delegating 
device to at least one recipient device, the cryptographic functionality being characterized as a graph 
comprising a plurality of nodes, wherein the one or more software programs when executed by the 
delegating device implement the steps of: 

associating a given set of the nodes with a corresponding one of the plurality of 
distinct portions of the cryptographic functionality; and 

transmitting from the delegating device to the recipient device information 
representative of one or more of the nodes; 

the recipient device being configured based on the transmitted information for 
authorized execution of a corresponding one of the plurality of distinct portions of the cryptographic 
fimctionality; 
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wherein the nodes of the graph are arranged in a plurality of levels with one or more 
nodes at each level: 

wherein the nodes correspond to respective seeds; and 

wherein a first seed associated with a node of a first one of the levels is computed as a 
function of a second seed associated with a node of a second one of the levels higher than the first 
level: 

the transmitted information including the first seed but not the second seed . 



